CVE-2022-38457

A use-after-freeUAF vulnerability was found in function 'vmwcmdrescheck' in drivers/gpu/vmxgfx/vmxgfxexecbuf.c in Linux kernel's vmwgfx driver with device file '/dev/dri/renderD128 or Dxxx'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of...

CVE-2022-36402

An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfxexecbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 or Dxxx'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of serviceDoS...

CVE-2022-2734

CVE-2022-2734 affects OpenEMR prior to 7.0.0.1 and is due to improper restriction of rendered UI layers or frames. Public descriptions consistently state the issue as a UI/iframe restriction vulnerability (clickjacking-related). The available connected documents describe the affected software and...

@newskit-render/auth (>=0.5.1 <=0.31.0), @newskit-render/core (>=0.57.0 <=1.40.0) +4 more potentially affected by CVE-2022-35924 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.1.0)

next-auth NPM version =0.0.0-manual.83c4ebd1, =0.5.1, =0.57.0, =0.35.0, =1.1.0, =0.0.1, =0.0.5 Source cves: CVE-2022-35924 Source advisory: OSV:GHSA-XV97-C62V-4587...

August 9, 2022-KB5015730 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 10, version 20H2, Windows Server, version 20H2, Windows 10 Version 21H1, and Windows 10 Version 21H2

August 9, 2022-KB5015730 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 10, version 20H2, Windows Server, version 20H2, Windows 10 Version 21H1, and Windows 10 Version 21H2 Release Date: August 9, 2022 Version: .NET Framework 3.5 and 4.8 The August 9, 2022 update for Windows...

CVE-2022-0971

Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page...

August 9, 2022-KB5015732 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 11

August 9, 2022-KB5015732 Cumulative Update Preview for .NET Framework 3.5 and 4.8 for Windows 11 Release Date: August 9, 2022 Version: .NET Framework 3.5 and 4.8 The August 9, 2022 update for Windows 11 includes cumulative reliability improvements in .NET Framework 3.5 and 4.8. We recommend that...

GHSA-MXVC-FWGX-J778 Whoogle Search Cross-site Scripting via string parameter

The package whoogle-search before version 0.7.2 is vulnerable to Cross-site Scripting XSS via the query string parameter q. In the case where it does not contain the http string, it is used to build the errormessage that is then rendered in the error.html template, using the flask.rendertemplate...

PT-2022-7520 · Webkitgtk +6 · Webkitgtk +6

Name of the Vulnerable Software and Affected Versions: WebKitGTK versions prior to 2.36.8 Description: A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags allows attackers to execute code remotely. This issue is related to the rendering of web pages and can be...

Remote Code Execution (RCE)

Overview eta is a Lightweight, fast, and powerful embedded JS template engine Affected versions of this package are vulnerable to Remote Code Execution RCE by overwriting template engine configuration variables with view options received from The Express render API. Note: This is exploitable only...

Malicious Package

Overview schema-render is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Note: This malicious package was uncovered by one of...

Malicious code in @blockpro/render (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0a1f7bd81ab8adb76301077c7c586699a72c2ece1c42f8a97e15f14c1fd1072 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-125 Malicious code in @blockpro/render (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a0a1f7bd81ab8adb76301077c7c586699a72c2ece1c42f8a97e15f14c1fd1072 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in swift-docc-render (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a748548471b692a94eca43cc0901dbd088779b2299a9f19990ba0709de837502 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-6375 Malicious code in swift-docc-render (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a748548471b692a94eca43cc0901dbd088779b2299a9f19990ba0709de837502 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-5964 Malicious code in schema-render (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0626f8c6634d26e8d8dfc4b08b2393fbbbeeea2885c7a2bb08be05c835682c0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in schema-render (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0626f8c6634d26e8d8dfc4b08b2393fbbbeeea2885c7a2bb08be05c835682c0a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Design/Logic Flaw

libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init in renderpipeline/lowmemoryrenderpipeline.cc...

CVE-2022-34000

libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init in renderpipeline/lowmemoryrenderpipeline.cc...

CVE-2022-31403

ITOP v3.0.1 was discovered to contain a cross-site scripting XSS vulnerability via /itop/pages/ajax.render.php...